From 02552eb2784422ff993ec41c0377c496b6b97e60 Mon Sep 17 00:00:00 2001
From: Keagan McClelland
Date: Fri, 27 Nov 2020 15:21:37 -0700
Subject: [PATCH] attempt to use P256 instead
---
 agent/src/Lib/Ssl.hs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/agent/src/Lib/Ssl.hs b/agent/src/Lib/Ssl.hs
index 94e5f82bb..c8e5700b0 100644
--- a/agent/src/Lib/Ssl.hs
+++ b/agent/src/Lib/Ssl.hs
@@ -306,7 +306,7 @@ writeIntermediateCert :: MonadIO m => DeriveCertificate -> m (ExitCode, String,
 writeIntermediateCert DeriveCertificate {..} = liftIO $ fromSys $ interpret $ do
 lift . lift $ time "Intermediate Cert Write Start"
 -- openssl genrsa -out dump/int.key 4096
- segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
+ segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
 lift . lift $ time "Generate intermediate RSA Key"
 -- openssl req -new -config dump/int-csr.conf -key dump/int.key -nodes -out dump/int.csr
 segment $ openssl [i|req -new
@@ -333,7 +333,7 @@ writeIntermediateCert DeriveCertificate {..} = liftIO $ fromSys $ interpret $ do
 writeLeafCert :: MonadIO m => DeriveCertificate -> Text -> Text -> m (ExitCode, String, String)
 writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ fromSys $ interpret $ do
 lift . lift $ time "Leaf Cert Write Start"
- segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
+ segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
 lift . lift $ time "Generate leaf RSA Key"
 segment $ openssl [i|req -config #{applicantConfPath}
 -key #{applicantKeyPath}
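Review bot: The timing labels kept as context in both hunks still read `"Generate intermediate RSA Key"` and `"Generate leaf RSA Key"`, and the comment above the first changed line still shows `genrsa ... 4096`, although the key written to `applicantKeyPath` is now an EC P-256 key; anyone auditing key type or strength from the timing output or the comments will be misled. I would change the labels to `lift . lift $ time "Generate intermediate EC Key"` (and the leaf equivalent in writeLeafCert) and the comment to `-- openssl ecparam -genkey -name prime256v1 -noout -out dump/int.key`. It is also worth confirming that every consumer of this key file accepts the SEC1 `EC PRIVATE KEY` PEM that `ecparam -genkey` writes (it is not PKCS#8), and that the CSR/CA config files used by the later `req` steps, which are not visible here, carry no RSA-specific settings. Both function bodies continue outside the hunks.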